What we’re reading this week from the world of risk management.
Norman Marks: Explaining risk management in plain English
Marks has a challenge for you: try to define “risk management” without using the word risk. Go!
Corporate Compliance Insights: PCI DSS Compliance Should Not Be A Check-the-Box Fire Drill
PCI requirements should be baked into your organization’s daily processes, including automated data collection and reporting. Real-time reports should be in stakeholders’ hands so that they can take prioritized action to minimize risks year-round.
Risk Intelligence Blog: COSO’s new Enterprise Risk Framework
The full document runs over 125 pages, but the Executive Summary is a good read. It’s written for a general audience and provides a great overview of the principles of ERM.
Data Breach Today: NIST Plans Cybersecurity Framework Update
Program Manager Matt Barrett discusses how the cybersecurity framework helps facilitate communication among technical and nontechnical managers and executives who must collaborate to keep their enterprises’ information systems secure.
Investment Executive: OSFI to streamline its approach to corporate governance
“Rudin said that OSFI is going to streamline its expectations for boards, to make them better adapted to the size, complexity and risk profile of the institutions. ‘This will create better opportunities for boards to concentrate on the prudential responsibilities that truly matter. And it will create opportunities for OSFI to set, and achieve, high standards for effective risk governance by boards,’ he said.”
GovInfoSecurity: Recruiting CISOs: The Skills Now in Demand
Corporate Compliance Insights: The State of the Chief Compliance Officer in 2016
A pair of articles about the evolving roles of CISOs, CIOs, and CCOs.
Join our Risk Intelligence group on LinkedIn to get this weekly update.